package com.hddznet.uniplatform.sm.config;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import com.hddznet.uniplatform.sm.config.cas.CasAuthenticationFilter;
import com.hddznet.uniplatform.sm.config.cas.CasSecurityConfig;
import com.hddznet.uniplatform.sm.config.cas.CasUserDetailsAuthenticationProvider;
import com.hddznet.uniplatform.sm.config.cas.CasUserDetailsService;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Autowired
	private CasSecurityConfig casSecurityConfig;
	
	@Autowired
    private CasUserDetailsService casUserDetailsService;
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		
		//配置 Http Basic 验证
		http.httpBasic().and()

		 // 在 UsernamePasswordAuthenticationFilter 前添加 CasAuthenticationFilter
        //.addFilterAt(casAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
		
		//登录验证码
		//.addFilterBefore(new KaptchaAuthenticationFilter("/login", "/login?error"), UsernamePasswordAuthenticationFilter.class)
		
		//扩展登录字段
		//.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
		
		//指定支持基于表单的身份验证。如果未指定FormLoginConfigurer#loginPage(String)，则将生成默认登录页面
		.formLogin().defaultSuccessUrl("/index", Boolean.TRUE)
		//.authenticationDetailsSource(authenticationDetailsSource)
		
		.and().rememberMe().tokenValiditySeconds(12*60*60)
		
		//允许基于使用HttpServletRequest限制访问
		.and().authorizeRequests()
		//可以访问
		.antMatchers(new String[]{
				"/login/**",
				"/sys/**",
				"/swagger-ui.html"
		}).permitAll()
		//拦截任何访问
		.anyRequest()
		//允许认证通过的用户访问
		.authenticated()
		
		 /*SpringSecurity默认开启了防止跨域攻击的功能，
        任何提交到后台的POST请求要验证是否带有_csrf参数，
        一旦传来的_csrf参数不正确，服务器便返回403错误，
        由于使用swagger测试，目前暂时不能设置_csrf参数，所以暂时关闭*/
		.and().csrf().disable()
		
		 .apply(casSecurityConfig);
		
	}
	
	public SimpleUrlAuthenticationFailureHandler failureHandler() {
        return new SimpleUrlAuthenticationFailureHandler("/login?error");
    }
	
	public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
